Working from a list of approved government vendors, Russia targeted them. The goal: by compromising an IT product in the "supply chain," they could then gain access to the larger US networks through that product.
The first step was gaining access to the server that sends updates to a SolarWinds application. Those updates, like the ones for your iPhone, are pushed to installed copies of the application on government, commercial, education, etc. networks. And they are trusted. Nobody checks a patch for security.
So the SolarWinds server sent what appeared to be a legitimate update, because it was. The patch was digitally signed by SolarWinds, and security officials don't analyze patches for security risk; rather, they make sure the patch doesn't break anything.
But this hack was smart: it waited 14 days before it contacted its C2 node. Who watches a patch for 14 days? It opened a door on servers running this patch for the Russians to walk through and reach other servers.
What they subsequently gained access to is unknown, and that is terrifying.
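The "nobody watches a patch for 14 days" point is a detection gap, and it can be closed in telemetry: record when a package was installed, then flag the first outbound connection a process makes to a never-before-seen destination after a long quiet period. The script below is an added example written for this page, not code from the thread author or from SolarWinds; the log format, host names, package name and destinations are all constructed for illustration and do not reproduce real SolarWinds telemetry.

```python
import re
from datetime import datetime, timedelta

# Constructed sample telemetry (not real data): one event per line, either a
# package INSTALL or an outbound NETCONN made by a process. srv-01 behaves like
# a normal agent (checks in right away, then weekly); srv-02 installs the same
# package, stays silent for two weeks, then contacts a new destination.
SAMPLE_LOG = """\
2020-03-26T10:02:11Z INSTALL host=srv-01 pkg=vendor-agent version=2020.2.1 exe=agent.exe
2020-03-26T10:05:40Z NETCONN host=srv-01 exe=agent.exe dst=updates.vendor.example:443
2020-03-26T10:03:00Z INSTALL host=srv-02 pkg=vendor-agent version=2020.2.1 exe=agent.exe
2020-04-02T10:05:12Z NETCONN host=srv-01 exe=agent.exe dst=updates.vendor.example:443
2020-04-09T10:05:03Z NETCONN host=srv-01 exe=agent.exe dst=updates.vendor.example:443
2020-04-10T03:17:55Z NETCONN host=srv-02 exe=agent.exe dst=telemetry-backup.example:443
2020-04-12T04:22:09Z NETCONN host=srv-02 exe=agent.exe dst=telemetry-backup.example:443
2020-04-15T10:05:30Z NETCONN host=srv-01 exe=agent.exe dst=status.vendor.example:443
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<kind>INSTALL|NETCONN) (?P<rest>.*)$")


def parse_line(line):
    """Parse one constructed log line into (kind, timestamp, fields), or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m["rest"].split())
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return m["kind"], ts, fields


def find_delayed_beacons(log_text, quiet_days=7):
    """Flag the first contact to a new destination by a (host, exe) pair when
    at least `quiet_days` have passed since that pair's install or its last
    outbound connection. Returns a list of alert dicts."""
    events = [r for r in (parse_line(l) for l in log_text.splitlines()) if r]
    events.sort(key=lambda r: r[1])  # hosts log independently; order by time
    last_seen = {}   # (host, exe) -> time of install or most recent NETCONN
    known_dst = {}   # (host, exe) -> destinations already contacted
    alerts = []
    for kind, ts, f in events:
        key = (f["host"], f["exe"])
        if kind == "INSTALL":
            last_seen[key] = ts
            known_dst[key] = set()
            continue
        dst = f["dst"]
        prev = last_seen.get(key)
        seen = known_dst.setdefault(key, set())
        if prev is not None and dst not in seen and ts - prev >= timedelta(days=quiet_days):
            alerts.append({
                "host": f["host"],
                "exe": f["exe"],
                "dst": dst,
                "first_contact": ts.isoformat(),
                "gap_days": round((ts - prev).total_seconds() / 86400, 2),
            })
        last_seen[key] = ts
        seen.add(dst)
    return alerts


if __name__ == "__main__":
    for alert in find_delayed_beacons(SAMPLE_LOG):
        print(alert)
```

On the constructed data this raises exactly one alert, for srv-02, whose first connection comes roughly 14.7 days after install; srv-01's new destination on 2020-04-15 is not flagged because it had checked in six days earlier, and srv-02's second contact to the same destination is not flagged because the destination is already known. The obvious gap is a backdoor that hides behind a process which also talks to benign hosts every day, so in practice this check belongs alongside per-destination baselining, not in place of it.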
You can follow @NaveedAJamali.